CVE-2021-36170

Summary

An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM and FortiManagerVM versions 7.0.0 and 6.4.6 and below may allow an authenticated attacker to read the FortiCloud credentials which were used to activate the trial license in cleartext.

Affected Software

VendorProductVersion RangeStatus
FortinetFortinet FortiManager, FortiAnalyzerFortiManager 7.0.0, 6.4.6; FortiAnalyzer 7.0.0, 6.4.6affected

Weaknesses

  • Information disclosure

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References